Fix Authelia auth and bypass from within Wireguard

2022-03-21 18:34:41 +02:00
parent 9078296de6
commit 1d4e9de4ed
2 changed files with 7 additions and 1 deletions
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -37,7 +37,9 @@ access_control:
        # traefik_internal
        - 172.19.0.0/16
        # Wireguard
-        - 10.8.0.0/24 
+        - 10.8.0.0/16 
        # Arr, for some reason
        - 192.168.240.0/16 
      policy: bypass
 #   Allow access to container's /api address
    - domain:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -98,7 +98,9 @@ services:
      - 'traefik.enable=true'
      - 'traefik.http.routers.authelia.rule=Host(`auth.pukeko.xyz`)'
      - 'traefik.http.routers.authelia.entrypoints=websecure'
      - "traefik.http.routers.authelia.service=authelia-traefik@docker"
      - 'traefik.http.routers.authelia.tls=true'
      - "traefik.http.routers.authelia.tls.certresolver=pukekoresolver"
      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.pukeko.xyz/'
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
@@ -107,6 +109,8 @@ services:
      - 'traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
    networks:
      - internal
    expose:
      - 9091
 secrets:
  hmac:
    file: ./authelia/secrets/hmac